The AFALG engine created a global EVP_CIPHER instance but was not freeing
it up when the engine was destroyed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
The help text for -d in 'config' was aged, and the option processing
in 'config.com' was just different. This harmonizes 'config.com' with
the instructions in INSTALL and both current reality.
Reviewed-by: Rich Salz <rsalz@openssl.org>
UEFI needs this too. Don't keep it only in the Windows/DOS ifdef block.
This is a fixed version of what was originally commit 963bb62195 and
subsequently reverted in commit 37b1f8bd62. Somewhere along the way, the
Windows/DOS ifdef actually got removed, leaving it just broken. It should
have been turned into an #elif, not removed.
This one correctly changes the logic from
# if WINDOWS|DOS
# if OPENSSL_NO_SOCK
... no-sock ...
# elif !DJGPP
... native windows ...
to
# if OPENSSL_NO_SOCK
... no-sock ...
# elif WINDOWS|DOS
# if !DJGPP
... native windows ...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
The source file generators sometimes use $(CC) to post-process
generated source, and getting the inclusion directories may be
necessary at times, so we pass them down.
RT#4406
Reviewed-by: Rich Salz <rsalz@openssl.org>
Although theoretically possible, Configure doesn't treat CC variable
set like this very well: CC="ccache i686-w64-mingw32-gcc"
Also, this Travis script doesn't recognise the possibility either.
Reviewed-by: Rich Salz <rsalz@openssl.org>
BIO_snprintf() can return -1 on truncation (and overflow as of commit
9cb177301f). Though neither can
realistically occur while printing a pointer and short fixed string into
a buffer of length 256, the analysis to confirm that this the case goes
somewhat far up the call chain, and not all static analyzers can
successfully follow the chain of logic.
It's easy enough to clamp the returned length to be nonnegative before
continuing, which appeases the static analyzer and does not harm the
subsequent code.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Some of the ASN.1 routines for the GeneralizedTime type can return
errors; check for these and do not continue past failure, so as
to appease coverity.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
The reason for this is that the static libraries and the DLL import
libraries are named the same on Windows. When configured "shared",
the static libraries are unused anyway.
Reviewed-by: Rich Salz <rsalz@openssl.org>
set pointers to NULL after OPENSSL_free before returning to caller to
avoid possible double-free in caller
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
This corrects a fault where the inner IF in this example was still
being acted upon:
IF[0]
...whatever...
IF[1]
...whatever more...
ENDIF
ENDIF
With this change, the inner IF is skipped over.
Reviewed-by: Matt Caswell <matt@openssl.org>
Adjust ssl_set_client_hello_version to get both the minimum and maximum and then
make ssl_set_client_hello_version use the maximum version.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
The "extra checks" is a debugging tool to check the config resolving
mechanism. It uses Perl's smart match, which is experimental and
therefore always causes Perl to give out a warning, and it causes
older Perl versions to fail entirely.
So, it gets commented away, but stays otherwise in place, as it may be
useful again.
Reviewed-by: Matt Caswell <matt@openssl.org>
ct_test assumed it's run in the source directory and failed when built
elsewhere. It still defaults to that, but can be told another story
with the environment variables CT_DIR and CERTS_DIR.
Test recipe updated to match.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
